“Recent WiFi exploit causes reflections on internet security”
What is KRACK?
A recent security flaw in WPA2, the security protocol for most modern WiFi systems, could allow an attacker to steal sensitive data including emails, credit card numbers and passwords. The exploit, reported Monday, was found and announced by researchers at Belgian university KU Leuven.
Depending on the network configuration, the flaw also could allow an attacker to inject or manipulate information in the system — for example, inject ransomware or other malware into websites being used.
10Fold Clients and security experts commented on the security flaw:
Fundamental flaws that impact all Web users like KRACK are “incredibly rare” but not unprecedented, said Rich Campagna, CEO of Bitglass. The Heartbleed vulnerability, which surfaced in 2014, is another example of a flaw that had widespread impact across the spectrum, he told TechNewsWorld.
He elaborated in SiliconAngle: “This vulnerability speaks to the importance of ensuring that all connections from endpoints leverage strong encryption, such as the latest versions of Transport Layer Security,” he said. “Intermediary proxies can ensure that regardless of what the application supports, all connections from end-user devices leverage strong encryption.”
Gaurav Banga, CEO of Balbix, also discussed how an attack exploiting the WPA2 flaw would require an adversary to be close to the target: “Remember that many public networks are wide open anyway, and enterprises expect TLS (HTTPS) and VPNs to provide the real protection, even if WiFi is open wide,” he told TechNewsWorld. “Perhaps this is why the vulnerability disclosure was not taken very seriously until this week.”
Bitglass is a total data protection company, a global cloud access security broker (CASB), and agentless mobile security company based in Silicon Valley.
Balbix produces a predictive breach risk platform that leverages predictive analytics and AI to provide enterprises with a comprehensive and continuous risk and resilience calculation.